Debian Security Vulnerabilities (CVEs)
Track 1,448 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Mar 22, 2023: This Linux kernel vulnerability allows local users to escalate privileges by exploiting a uid mapping bug in OverlayFS when copying capable files betw...
Mar 21, 2023: This CVE describes a use-after-free vulnerability in Xen's shadow mode with log-dirty mode enabled. It allows a malicious guest VM to crash the hyperv...
Mar 10, 2023: This CVE describes a denial-of-service vulnerability in Rack's multipart MIME parsing code. Attackers can craft malicious requests that cause excessiv...
Mar 5, 2023: CVE-2023-27635 is a command injection vulnerability in debmany (part of debian-goodies) that allows attackers to execute arbitrary shell commands via ...
Mar 3, 2023: This vulnerability allows local privilege escalation when users run 'systemctl status' via Sudo in certain configurations. Attackers can escape from t...
Mar 1, 2023: This vulnerability is a heap buffer overflow in libde265's motion.cc component, allowing attackers to execute arbitrary code or cause denial of servic...
Feb 20, 2023: CVE-2022-48337 is a command injection vulnerability in GNU Emacs' etags utility that allows attackers to execute arbitrary commands via shell metachar...
Feb 20, 2023: Apache Commons FileUpload before version 1.5 has a denial-of-service vulnerability where attackers can overwhelm systems by sending unlimited file upl...
Feb 15, 2023: This CVE describes a timing side-channel vulnerability in GnuTLS that allows attackers to perform Bleichenbacher-style attacks against RSA encryption....
Feb 14, 2023: CVE-2023-25725 is an HTTP request smuggling vulnerability in HAProxy that allows attackers to bypass access controls by sending specially crafted HTTP...
Feb 9, 2023: This CVE describes a stack-based buffer overflow vulnerability in GPAC multimedia framework versions prior to 2.2. Attackers can exploit this by craft...
Feb 9, 2023: This CVE describes a ReDoS (Regular Expression Denial of Service) vulnerability in Ruby on Rails Action Dispatch. Attackers can send specially crafted...
Feb 1, 2023: This vulnerability in Django allows attackers to cause denial-of-service by sending HTTP requests with extremely large Accept-Language headers, which ...
Dec 5, 2022: This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reusing a handle from a PUT to a POST request. Applic...
Nov 12, 2022: CVE-2022-45188 is a heap-based buffer overflow vulnerability in Netatalk's afp_getappl function that allows remote code execution via a malicious .app...
Aug 1, 2022: CVE-2022-2598 is an out-of-bounds write vulnerability in Vim's API that could allow arbitrary code execution when processing specially crafted input. ...
Jul 28, 2022: CVE-2022-30287 is a reflection injection vulnerability in Horde Groupware Webmail Edition that allows attackers to instantiate driver classes and achi...
Jul 25, 2022: A flaw in LibreOffice's password storage system weakens the stored master key from 128 bits to 43 bits of entropy, making stored web connection passwords vulnerable t...
Jul 25, 2022: CVE-2020-7677 is a remote code execution vulnerability in the thenify npm package where user-controlled input is passed directly to the eval() functio...
Jul 20, 2022: This vulnerability in libtirpc allows remote attackers to exhaust file descriptors by exploiting mishandled idle TCP connections, potentially causing ...
Jul 19, 2022: CVE-2022-1924 is an integer overflow vulnerability in the GStreamer multimedia framework's Matroska demuxer during LZO decompression. This can cause d...
Jul 19, 2022: This CVE describes an integer overflow vulnerability in the qtdemux element of GStreamer when processing zlib-compressed data. It can cause denial of ...
Jul 19, 2022: This CVE describes an integer overflow vulnerability in the matroskademux element of GStreamer's gst_matroska_demux_add_wvpk_header function. When par...
Jul 19, 2022: CVE-2022-1922 is an integer overflow vulnerability in GStreamer's Matroska demuxer that can cause denial of service or potential heap overwrite during...
Jul 18, 2022: LemonLDAP::NG versions through 2.0.8 do not validate X.509 certificates when connecting to LDAP backends by default, allowing man-in-the-middle attack...
Jul 18, 2022: This vulnerability allows authentication bypass in LemonLDAP::NG when using the RESTServer plugin with Kerberos authentication combined with another m...
Jul 15, 2022: This vulnerability in Mbed TLS allows unauthenticated attackers to send specially crafted DTLS ClientHello messages to servers with specific configura...
Jul 14, 2022: This CVE describes an OS command injection vulnerability in Node.js that allows attackers to bypass host validation checks and perform DNS rebinding a...
Jul 11, 2022: CVE-2022-35414 is an uninitialized read vulnerability in QEMU's memory management component that can lead to crashes when handling I/O operations. Thi...
Jul 8, 2022: CVE-2022-35410 is a path traversal vulnerability in mat2 (metadata anonymization toolkit) that allows attackers to access sensitive files outside the ...
Jul 7, 2022: This vulnerability in Eclipse Jetty's HTTP/2 server implementation allows attackers to cause denial of service by sending invalid HTTP/2 requests that...
Jul 7, 2022: CVE-2022-32207 is an incorrect file permissions vulnerability in curl versions before 7.84.0 where file permission widening occurs during atomic file operati...
Jun 27, 2022: Guzzle PHP HTTP client versions before 6.5.8 and 7.4.5 leak Authorization headers during cross-origin redirects when using the cURL handler. This expo...
Jun 27, 2022: CVE-2022-31081 is an HTTP request smuggling vulnerability in HTTP::Daemon Perl library versions before 6.15. It allows attackers to bypass security co...
Jun 27, 2022: CVE-2022-31084 is an arbitrary object instantiation vulnerability in LDAP Account Manager (LAM) that allows attackers to inject constructor arguments ...
Jun 27, 2022: LDAP Account Manager versions before 8.0 contain a vulnerability where incorrect regular expressions allow uploading PHP scripts to the config/templat...
Jun 19, 2022: CVE-2022-2129 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...
Jun 19, 2022: CVE-2022-2124 is a buffer over-read vulnerability in Vim text editor that allows reading beyond allocated memory boundaries. This affects users runnin...
Jun 16, 2022: CVE-2022-31291 is a double-free vulnerability in dlt-daemon's configuration file parser that allows attackers to cause memory corruption via crafted T...
Jun 16, 2022: This CVE describes a buffer overflow vulnerability in PHP's pdo_mysql extension with mysqlnd driver when connecting with an excessively long password....
Jun 13, 2022: CVE-2022-32278 is a remote code execution vulnerability in XFCE 4.16 where attackers can trick xdg-open into executing malicious .desktop files from a...
Jun 10, 2022: Guzzle HTTP client versions before 6.5.7 and 7.4.4 expose sensitive cookie information during HTTP redirects. When a request to an HTTPS server redire...
Jun 9, 2022: CVE-2022-2000 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...
Jun 9, 2022: CVE-2022-31031 is a critical stack buffer overflow vulnerability in PJSIP's STUN implementation that allows remote code execution. It affects PJSIP us...
Jun 7, 2022: This vulnerability allows local attackers to gain root privileges on 3CX Phone System installations by exploiting insecure sudo permissions for tcpdum...
Jun 2, 2022: This vulnerability in the Linux kernel's netfilter component allows a local user with namespace creation privileges to escalate to root via a use-afte...
Jun 2, 2022: CVE-2022-31799 is a critical vulnerability in Bottle web framework where improper error handling during early request binding can lead to remote code ...
Jun 2, 2022: libcurl incorrectly reuses TLS/SSH connections when security settings have changed, potentially allowing sensitive data to be transmitted over less se...
Jun 2, 2022: This curl vulnerability allows information disclosure when an attacker can force curl to reuse an existing IPv6 connection from the pool with a differ...
Jun 2, 2022: CVE-2022-1968 is a use-after-free vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tricking ...

Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,448+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions